DETAILED ACTION
Response to Amendment 

1. This action is in response to the amendment filed 01/12/2005. Claim 1 has been
amended. 



Response to Arguments 

2. Applicant's arguments filed 01/12/2005 have been fully considered but they are
not persuasive. Regarding the rejection of claim 1, applicant argues that Asay does not
disclose two certificates generated by respective CAs that are independent of each
other (p. 6, 2nd par). Asay shows that a message comprises a device certificate and a
subscriber's certificate (fig. 8). Asay further discloses that the device certificate is
issued by the manufacturer which is in a certification authority hierarchy (fig. 6, element
206; col. 37, lines 55-60) and that the subscriber's certificate can be issued by one of 
the sponsors (fig. 6, element 208; col. 32, lines 9-14). The sponsors, in addition to 
issuing certificates, also maintain and verify issued certificates; therefore, each sponsor 
is functionally equivalent to a CA (col. 32, lines 16-19; col. 33, lines 14-19). Figure 6 
and lines 9-19 of column 32 show that the certification authority hierarchy and the
sponsors are two separate systems and independent of each other such that no trust 
relationship exists between them. Regarding applicant's argument with respect to the 
rejection of claim 7, Asay shows that a message comprises a device certificate and a 
subscriber's certificate (fig. 8). Accordingly, two IDs corresponding to the two 
certificates are needed for the ID payload. 

Claim Objections

3. Claim 6 is objected to because of the following informalities: claim 6 has been 
amended to be dependent upon claim 5 instead of claim 4; however '4' has not been 
deleted. Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Harkins et al, "RFC 2409 - The Internet Key Exchange (IKE)", in view of Asay et al 
(5,903,882).

Regarding claims 1-3 and 13-15, Harkins discloses a computer authentication 
protocol comprising sending a certificate payload from a sending computer to a 
receiving computer, the certificate payload including the sender's certificate (Section 
3.2, Notation; Section 5.1, IKE Phase 1 Authentication With Signature). Harkins does 
not disclose sending two certificates each being generated by a respective certificate 
authority (CA), the certificate authorities being independent of each other such that no 
trust relationship exists between the CAs. Asay discloses sending two certificates, the 
certificate of the subscriber together with the certificate of the host device (fig. 8). Asay 
further discloses that the device certificate is issued by the manufacturer that is certified
in a certification authority hierarchy (fig. 6, element 206; col. 37, lines 55-60) and that 
the subscriber's certificate can be issued by one of the sponsors (fig. 6, element 208; 
col. 32, lines 9-14). The sponsors, in addition to issuing certificates, also maintain and 
verify issued certificates; therefore, each sponsor is functionally equivalent to a CA (col. 
32, lines 16-19; col. 33, lines 14-19). Figure 6 and lines 9-19 of column 32 show that
the certification authority hierarchy and the sponsors are two separate systems and 
independent of each other such that no trust relationship exists between them. It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
to modify the Harkins protocol to send two certificates, the certificate of the sender 
together with the certificate of the host device, each certificate being generated by a 
respective certificate authority (CA), the certificate authorities being independent of 
each other such that no trust relationship exists between the CAs, as taught by Asay. 
The host device could be authenticated using the device's certificate (col. 36, line 64 - 
col. 37, line 11). 

Regarding claims 4 and 16, Harkins discloses sending at least one identification 
(ID) payload between the computers, the ID payload including the sender's ID (Section 
5.1, IKE Phase 1 Authentication With Signature). Harkins does not disclose the ID
payload being generated by combining the IDs of at least two entities; however, this 
feature is obvious by the combination of Harkins and Asay discussed above. It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
to modify the Harkins protocol such that the ID payload is generated by combining the 
IDs of two entities. Please refer to motivation recited for using two certificates for
authentication as taught by Asay in claim 1. 

Regarding claims 5 and 17, Harkins discloses sending at least one signature 
payload between the computers, the signature payload including the sender's signature 
(Section 5.1, IKE Phase 1 Authentication With Signature). Harkins does not disclose 
the signature payload being generated by concatenating the signatures of at least two 
entities; however, this feature is obvious by the combination of Harkins and Asay 
discussed above. It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the Harkins protocol such that the signature 
payload is generated by concatenating the signatures of two entities. Please refer to 
motivation recited for using two certificates for authentication as taught by Asay in claim 
1. 

Regarding claim 7, Harkins discloses a device comprising means for generating 
and sending an ID payload and a certificate payload from a sending computer to a 
receiving computer, the ID payload including the sender's ID, the certificate payload 
including the sender's certificate (Section 3.2, Notation; Section 5.1, IKE Phase 1 
Authentication With Signature). Harkins does not disclose sending a second ID and a 
second certificate associated with an entity different than the sender. Asay discloses 
sending the IDs and certificates associated with two entities, a sender and the host 
device (col. 32, lines 9-17; figure 6, elements 206, 208; and figure 8). It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the Harkins device to send the IDs and certificates associated with both the 
sender and the host device, as taught by Asay. The host device could be
authenticated using the device's certificate (col. 36, line 64 - col. 37, line 11). 
Accordingly, the ID payload includes the two IDs corresponding to the two certificates. 

Regarding claim 8, Harkins discloses means for generating one signature 
payload including the sender's signature (Section 5.1, IKE Phase 1 Authentication With 
Signature). Harkins does not disclose the signature payload being generated by 
concatenating the signatures of at least two entities; however, this feature is obvious by 
the combination of Harkins and Asay discussed above. It would have been obvious to 
one of ordinary skill in the art at the time the invention was made to modify the Harkins 
device such that the signature payload is generated by concatenating the signatures of 
two entities. Please refer to motivation recited for using two certificates for 
authentication as taught by Asay in claim 7. 

Regarding claim 10, Harkins discloses a device comprising means for generating 
and sending a signature payload and a certificate payload from a sending computer to a 
receiving computer, the signature payload including the sender's signature, the 
certificate payload including the sender's certificate (Section 3.2, Notation; Section 5.1, 
IKE Phase 1 Authentication With Signature). Harkins does not disclose sending a 
second signature and a second certificate associated with an entity different than the 
sender. Asay discloses sending the signatures and certificates associated with two 
entities, a sender and the host device (col. 32, lines 9-17; figure 6, elements 206, 208; 
and figure 8). It would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the Harkins device to send the signatures and 
certificates associated with both the sender and the host device, as taught by Asay.
The host device could be authenticated using the device's certificate (col. 36, line 64 - 
col. 37, line 11). Accordingly, the signature payload is generated by concatenating the 
two signatures. 

Regarding claims 6, 9, 11 and 18, Harkins further discloses that a signature is
formed by applying a pseudorandom function to at least the associated ID to render a 
result, and then encrypting the result with a private key associated with the entity 
represented by the ID (Section 5, Exchange, "To authenticate either ... HASH_R 
directly"). 

Regarding claim 12, Harkins discloses means for generating and sending an ID 
payload including the sender's ID (Section 5.1, IKE Phase 1 Authentication With 
Signature). Harkins does not disclose the ID payload being generated by combining the 
IDs of two entities; however, this feature is obvious by the combination of Harkins and 
Asay discussed in claim 10. It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the Harkins device such that the ID 
payload is generated by combining the IDs of two entities. Please refer to motivation 
recited for using two certificates for authentication as taught by Asay in claim 10. 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Project P710 - Security for the TMN X-Interface, EURESCOM

7. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dinh whose telephone number is 571-272-3802. 
The examiner can normally be reached on Mon-Fri: 10:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free). 

Examiner
Art Unit 2132 



MD 

4/11/05 



GILBERTO BARRON 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



